Lucene search
K
JoomlaMost viewed

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/09/26 12:0 a.m.13 views

Huge IT Googlemaps,1.0.9,SQL Injection

Huge IT Googlemaps,1.0.9, Multiple SQL Injection vulnerabilities...

1.5AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/02/29 12:0 a.m.13 views

Breezing Forms Lite

Breezing Forms Lite before build 912 Information disclosure Resolution: update to latest version Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...

0.4AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/11/06 12:0 a.m.13 views

cckseblod 1.x Directory Traversal

comcckseblod aka seblod 1.x for Joomla 1.5 1.9.0 and all previous versions Directory Traversal Resolution: update to 1.9.1 Update notice: http://www.seblod.com/changelogs?sebchangelogproduct=cck1x Developer states that Seblod 3.x, the version compatible with Joomla 2.5 and 3, is not vulnerable...

2.5AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/06/01 9:28 p.m.13 views

Jinc, all versions,

Jinc, all versions, XSS Cross Site Scripting UpdateNotice URL http://lhacky.altervista.org/jextensions/index.php/component/content/article/21-news/jinc/100-security-issue-on-jinc-1-0-1...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/02/20 8:37 p.m.13 views

MT Fire Eagle

LFI http://joomlacode.org/gf/project/jfireeagle/frs/http://www.moto-treks.com 190410 product considered retired and to be replaced by dev Authors:...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/05 12:0 a.m.12 views

Coupon manager, 3.5

Coupon manager by joomla6teen.com, 3.5, SQL Injection...

2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/02/02 12:0 a.m.12 views

Huge IT gallery,1.1.5,SQL Injection

Huge IT gallery,1.1.5,SQL Injection resolution: update to 1.1.9...

1.5AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/26 12:0 a.m.12 views

SimpleImageUpload by Tuts4You, 1.2 and below, Other

SimpleImageUpload by Tuts4You, 1.2, Other...

1.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/12/07 9:54 p.m.12 views

Events Booking, 1.6.7 and lower, (module: Search Events)

Events Booking 1.6.7 =Vulnerability: XSS Cross Site Scripting Extension Update Details This issue only affect the search module Search Events which comes with Events Booking. We released version 1.6.8 to address this issue...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/12/19 12:0 a.m.12 views

extplorer, 2.1.4 and below

extplorere, ID,DT, release of 2.1.5 http://extplorer.net/news/14...

Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/08/01 1:51 p.m.12 views

Cobalt,8.270

Cobalt, , DT/permissions developer update Notice updated http://www.mintjoomla.com/blog/item/279-update-cobalt-v-8-279-stable.html...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/11/14 12:0 a.m.11 views

[20260517] - Core - Incorrect Cache Key Construction for InputFilter objects

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

7.5CVSS5.8AI score0.00245EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/10/18 12:0 a.m.11 views

HikaShop, 5.1.3, Other ACL

Update to Hikashop 5.1.4 . No other details on this exploit will be release...

6.5CVSS6.9AI score0.0015EPSS
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/09/14 12:0 a.m.11 views

Joomanager, other

Joomanager from joomanager.com, 2.0.0 and previous versions users are advised to uninstall immediately...

3.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/05 12:0 a.m.11 views

One Vote,1.1.1,SQL Injection

One Vote by advcomsys.com, 1.1.1 and previous, SQL Injection resolution: update to 1.2.2 update notice: http://www.advcomsys.com/joomla-demos...

1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/08/16 10:35 p.m.10 views

phoc commander, varios,

Update to latest secure version https://www.phoca.cz/news/1384-phoca-commander-version-5-0-2-and-4-0-1-released...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/07/23 9:37 p.m.10 views

rsblog

Extension: RSBlog! Version: Old 1.14.4, 1.14.5 / New 1.14.6 Update details: Versions affected 1.11.6 to 1.14.5 Stored XSS allows remote authenticated attackers to inject arbitrary web script or HTML via the tag parameter. Fixed in 1.14.6 Update URL:...

5.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/07 12:0 a.m.10 views

UserExtranet,1.3.2,SQL Injection

UserExtranet by Beesto.com, 1.3.2 and previous, SQL Injection resolution: update to 1.3.3 update notice: http://www.beesto.com/forum/read.php?30,2085...

1.2AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/02/26 9:59 a.m.10 views

GPS Tools v4.0.1,4.0.1,SQL Injection

GPS Tools v4.0.1,4.0.1,SQL Injection Developer release statement to the vel team https://www.corejoomla.com/news/1163-gps-tools-v4-0-2-is-released.html...

7.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/07/23 9:39 p.m.9 views

rsmail

Extension: RSMail! Version: Old 1.22.26, 1.22.27, 1.22.28 / New 1.22.29 Update details: Versions affected 1.19.20 through 1.22.28. Self XSS allows remote authenticated attackers to inject arbitrary web script or HTML via a crafted parameter. Fixed in 1.22.29 Update URL:...

5.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/07/23 12:0 a.m.9 views

rsdirectory

Extension: RSDirectory! Version: Old 2.2.7 / New 2.2.8 Update details: Versions affected 1.0.0 through 2.2.7 Stored XSS allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. Fixed in 2.2.8 Update URL:...

5.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.8 views

[20260705] - Core - XSS in various modalreturn layouts

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00269EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/10 12:0 a.m.8 views

[20260304] - Core - XSS vectors in various article title outputs

Lack of output escaping for article titles leads to XSS vectors in various locations...

8.4CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/05 12:0 a.m.8 views

[20260302] - Core - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

8.8CVSS5.8AI score0.00341EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/07 12:0 a.m.8 views

LM-CUSTOM-ADMIN, , Other

Version: Old 2.7.3 / New 2.7.4 Update details: block cde php shellexec Update URL: https://lomart.fr/extensions-blog/38-modules-administrator/125-lm-custom-administrator Changelog URL:...

7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/06/12 12:0 a.m.7 views

[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS6AI score0.0025EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/11 12:0 a.m.7 views

[20260301] - Core - ACL hardening in com_ajax

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

7.3CVSS5.8AI score0.00249EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/15 12:0 a.m.6 views

[20260708] - Core - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00269EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.6 views

[20260704] - Core - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00269EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.6 views

[20260703] - Core - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00269EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/22 12:0 a.m.5 views

[20260710] - Core - Incorrect Access Control in com_modules

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.0025EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/21 12:0 a.m.5 views

[20260706] - Core - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00269EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/15 12:0 a.m.5 views

[20260707] - Core - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00269EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/05 12:0 a.m.5 views

[20260712] - Core - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

8.8CVSS6AI score0.00273EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/22 12:0 a.m.5 views

[20260709] - Core - Incorrect Access Control in com_workflow

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS6AI score0.0025EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.5 views

[20260508] - Core - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS6AI score0.00348EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.5 views

[20260503] - Core - XSS in com_contenthistory

Lack of output escaping leads to a XSS vector in the content history component...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/31 12:0 a.m.5 views

[20260507] - Core - Authenticated blind SQLi in com_tags

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/28 12:0 a.m.5 views

[20260505] - Core - CSRF in user activation endpoint

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

4.6CVSS5.9AI score0.00104EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.4 views

[20260702] - Core - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS6AI score0.0025EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/05 12:0 a.m.4 views

[20260701] - Core - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.0025EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.4 views

[20260509] - Core - LFI in HTMLView layout parameter

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

9.8CVSS5.9AI score0.00482EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.4 views

[20260510] - Core - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

7.5CVSS5.9AI score0.00445EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/14 12:0 a.m.4 views

[20260504] - Core - XSS in readmore links

Lack of output escaping leads to a XSS vector in the content history component...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.4 views

[20260502] - Core - XSS in com_associations

Lack of output escaping leads to a XSS vector in the multilingual associations component...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/31 12:0 a.m.4 views

[20260506] - Core - Authenticated blind SQLi in com_finder

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

9.8CVSS6AI score0.0031EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/28 12:0 a.m.3 views

[20260501] - Core - XSS in feed modules

Lack of output escaping leads to a XSS vector in the feed modules...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Total number of security vulnerabilities747